proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-07-27 12:54:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow specifing the DeviceIntegrity flag from metadata

Browse Source
This commit is contained in:
Richard Hughes 2022-02-19 22:11:45 +00:00
parent 758d5d8c6f
commit f3a13f89dd
9 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libfwupdplugin/fu-device.c
View File

@ -239,6 +239,8 @@ fu_device_internal_flag_to_string(FuDeviceInternalFlags flag)
return "no-lid-closed";
if (flag == FU_DEVICE_INTERNAL_FLAG_NO_PROBE)
return "no-probe";
if (flag == FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED)
return "md-set-signed";
return NULL;
}
@ -301,6 +303,8 @@ fu_device_internal_flag_from_string(const gchar *flag)
return FU_DEVICE_INTERNAL_FLAG_NO_LID_CLOSED;
if (g_strcmp0(flag, "no-probe") == 0)
return FU_DEVICE_INTERNAL_FLAG_NO_PROBE;
if (g_strcmp0(flag, "md-set-signed") == 0)
return FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED;
return FU_DEVICE_INTERNAL_FLAG_UNKNOWN;
}

9
libfwupdplugin/fu-device.h
View File

@ -438,6 +438,15 @@ typedef guint64 FuDeviceInternalFlags;
*/
#define FU_DEVICE_INTERNAL_FLAG_NO_PROBE (1ull << 22)
/**
* FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED:
*
* Set the signed/unsigned payload from the metadata if available.
*
* Since: 1.7.6
*/
#define FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED (1ull << 23)
/* accessors */
gchar *
fu_device_to_string(FuDevice *self);

1
plugins/ata/fu-ata-device.c
View File

@ -874,6 +874,7 @@ fu_ata_device_init(FuAtaDevice *self)
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_REQUIRE_AC);
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_INHERIT_ACTIVATION);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
fu_device_set_summary(FU_DEVICE(self), "ATA drive");
fu_device_add_icon(FU_DEVICE(self), "drive-harddisk");
fu_device_add_protocol(FU_DEVICE(self), "org.t13.ata");

1
plugins/emmc/fu-emmc-device.c
View File

@ -544,6 +544,7 @@ fu_emmc_device_init(FuEmmcDevice *self)
{
fu_device_add_protocol(FU_DEVICE(self), "org.jedec.mmc");
fu_device_add_icon(FU_DEVICE(self), "media-memory");
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
}
static void

1
plugins/flashrom/fu-flashrom-device.c
View File

@ -72,6 +72,7 @@ static void
fu_flashrom_device_init(FuFlashromDevice *self)
{
fu_device_add_protocol(FU_DEVICE(self), "org.flashrom");
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
}
static void

1
plugins/nvme/fu-nvme-device.c
View File

@ -448,6 +448,7 @@ fu_nvme_device_init(FuNvmeDevice *self)
{
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_REQUIRE_AC);
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PLAIN);
fu_device_set_summary(FU_DEVICE(self), "NVM Express solid state drive");
fu_device_add_icon(FU_DEVICE(self), "drive-harddisk");

1
plugins/redfish/fu-redfish-device.c
View File

@ -809,6 +809,7 @@ fu_redfish_device_init(FuRedfishDevice *self)
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_VERFMT);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_ICON);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_VENDOR);
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
fu_device_register_private_flag(FU_DEVICE(self),
FU_REDFISH_DEVICE_FLAG_IS_BACKUP,
"is-backup");

1
plugins/uefi-capsule/fu-uefi-device.c
View File

@ -735,6 +735,7 @@ fu_uefi_device_init(FuUefiDevice *self)
{
fu_device_set_summary(FU_DEVICE(self), "UEFI ESRT device");
fu_device_add_protocol(FU_DEVICE(self), "org.uefi.capsule");
fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED);
fu_device_register_private_flag(FU_DEVICE(self),
FU_UEFI_DEVICE_FLAG_NO_UX_CAPSULE,
"no-ux-capsule");

30
src/fu-engine.c
View File

@ -3740,6 +3740,34 @@ fu_engine_md_refresh_device_vendor(FuEngine *self, FuDevice *device, XbNode *com
}
}
static void
fu_engine_md_refresh_device_signed(FuEngine *self, FuDevice *device, XbNode *component)
{
const gchar *value = NULL;
/* require data */
if (component == NULL)
return;
/* already set, possibly by a quirk */
if (fu_device_has_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD) ||
fu_device_has_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD))
return;
/* copy 1:1 */
value = xb_node_query_text(component, "custom/value[@key='LVFS::DeviceIntegrity']", NULL);
if (value != NULL) {
if (g_strcmp0(value, "signed") == 0) {
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD);
} else if (g_strcmp0(value, "unsigned") == 0) {
fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD);
} else {
g_warning("payload value unexpected: %s, expected signed|unsigned", value);
}
fu_device_remove_internal_flag(device, FU_DEVICE_INTERNAL_FLAG_MD_SET_VENDOR);
}
}
static void
fu_engine_md_refresh_device_icon(FuEngine *self, FuDevice *device, XbNode *component)
{
@ -3895,6 +3923,8 @@ fu_engine_md_refresh_device_from_component(FuEngine *self, FuDevice *device, XbN
fu_engine_md_refresh_device_icon(self, device, component);
if (fu_device_has_internal_flag(device, FU_DEVICE_INTERNAL_FLAG_MD_SET_VENDOR))
fu_engine_md_refresh_device_vendor(self, device, component);
if (fu_device_has_internal_flag(device, FU_DEVICE_INTERNAL_FLAG_MD_SET_SIGNED))
fu_engine_md_refresh_device_signed(self, device, component);
/* fix the version */
if (fu_device_has_internal_flag(device, FU_DEVICE_INTERNAL_FLAG_MD_SET_VERFMT))